44 matches found
EUVD-2024-18133
Malicious code in bioql PyPI...
CVE-2024-20418
A vulnerability in the web-based management interface of Cisco Unified Industrial Wireless Software for Cisco Ultra-Reliable Wireless Backhaul (URWB) Access Points could allow an unauthenticated, remote attacker to perform command injection attacks with root privileges on the underlying operating...
Advantech EKI-6333AC-2G and Advantech EKI-6333AC-2GD Security Vulnerability
The Advantech EKI-6333AC-2G and Advantech EKI-6333AC-2GD are both industrial-grade wireless access points (APs) from Advantech, China. A security vulnerability exists in the Advantech EKI-6333AC-2G version 1.6.3 and earlier, EKI-6333AC-2GD version v1.6.3 and earlier, and EKI-6333AC-1GPO version...
Cisco Unified Industrial Wireless Software Command Injection Vulnerability
Cisco Unified Industrial Wireless Software is a software provided by Cisco for industrial wireless networks. A command injection vulnerability exists in Cisco Unified Industrial Wireless Software. The vulnerability is caused due to improper validation of inputs to the web management interface of...
The vulnerability in the web interface of Cisco Unified Industrial Wireless network devices’ Cisco Ultra-Reliable Wireless Backhaul software allows an attacker to execute arbitrary code with root privileges.
The vulnerability of the Cisco Unified Industrial Wireless network device management web interface for Cisco Ultra-Reliable Wireless Backhaul (URWB) is related to the lack of measures taken to neutralize special elements used in an operating system command. Exploiting this vulnerability allows a...
Cisco Releases Patch for Critical URWB Vulnerability in Industrial Wireless Systems
Cisco has released security updates to address a maximum severity security flaw impacting Ultra-Reliable Wireless Backhaul (URWB) Access Points that could permit unauthenticated, remote attackers to run commands with elevated privileges. Tracked as CVE-2024-20418 (CVSS score: 10.0), the vulnerability...
Cisco Unified Industrial Wireless Software Command Injection Vulnerability
Cisco Unified Industrial Wireless Software is a software provided by Cisco for industrial wireless networks. A command injection vulnerability exists in Cisco Unified Industrial Wireless Software. The vulnerability is caused due to improper validation of inputs to the web management interface of...
PT-2024-7681
Name of the Vulnerable Software and Affected Versions: Cisco Unified Industrial Wireless Software for Cisco Ultra-Reliable Wireless Backhaul (URWB) Access Points versions prior to 17.15.1; Catalyst IW9165D Heavy Duty Access Points versions prior to 17.15.1; Catalyst IW9165E Rugged Access Points and...
The vulnerability in the firmware of Vonets Industrial WiFi Bridge Relays and WiFi Bridge Repeaters allows an intruder to gain unauthorized access to protected information.
The vulnerability of the Vonets Industrial WiFi Bridge Relays and WiFi Bridge Repeaters exists due to the presence of hard-coded credentials in the application code. Exploiting this vulnerability can allow an unauthorized attacker to gain unauthorized access to protected information...
PT-2024-5759 · Vonets · Vonets Industrial Wifi Bridge Relays +1
Name of the Vulnerable Software and Affected Versions: Vonets Industrial WiFi Bridge Relays and WiFi Bridge Repeaters versions 3.3.23.6.9 and prior. Description: The issue is related to stack-based buffer overflow vulnerabilities in Vonets Industrial WiFi Bridge Relays and WiFi Bridge Repeaters...
The vulnerability of the httpd Manage_request function in the firmware of Yifan YF325 industrial Wi-Fi routers allows a hacker to execute arbitrary code.
The vulnerability of the httpd nextpage function in the firmware of Yifan YF325 industrial Wi-Fi routers relates to reading data outside the buffer in memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...
The vulnerability of the httpd next_page function in the firmware of Yifan YF325 industrial Wi-Fi routers allows a hacker to execute arbitrary commands.
The vulnerability of the httpd nextpage function in the firmware of Yifan YF325 industrial Wi-Fi routers relates to reading data outside the buffer in memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...
Honeywell OneWireless Access Control Error Vulnerability
Honeywell OneWireless is an industrial wireless mesh network from Honeywell that can simultaneously support ISA100 Wireless (IEC 62734), WirelessHART (IEC 62591) field instruments (transmitters, actuators, etc.), Wi-Fi devices and Ethernet/IP-based devices. A security vulnerability exists in Honeywell...
Delta Electronics DVW-W02W2-E2 OS Command Injection Vulnerability
Delta Electronics DVW-W02W2-E2 is an industrial wireless networking solution from Delta Electronics (China). A security vulnerability exists in the Delta Electronics DVW-W02W2-E2 version 1.5.0.10, which originates from an attacker being able to implement command injection via a crafted URL...
Vulnerability Spotlight: How an attacker could chain several vulnerabilities in an industrial wireless router to gain root access
Francesco Benvenuto of Cisco Talos discovered these vulnerabilities. Blog by Francesco Benvenuto and Jon Munshaw. Cisco Talos recently discovered several vulnerabilities in InHand Networks’ InRouter302 that could allow an attacker to escalate their privileges on the targeted device from a... This...
Cypress Solutions CTM-200 2.7.1 Root Remote OS Command Injection Exploit
Cypress Solutions CTM-200 wireless gateway version 2.7.1 suffers from an authenticated semi-blind OS command injection vulnerability. This can be exploited to inject and execute arbitrary shell commands as the root user through the 'ctm-config-upgrade.sh' script leveraging the 'fwurl' POST...
Cypress Solutions CTM-200/CTM-ONE Hard-coded Credentials Remote Root (Telnet/SSH)
Summary: CTM-200 is the industrial cellular wireless gateway for fixed and mobile applications. The CTM-200 is a Linux-based platform powered by ARM Cortex-A8 800 MHz superscalar processor. Its on-board standard features make the CTM-200 ideal for mobile fleet applications or fixed site office and...
CVE-2021-33535
In Weidmueller Industrial WLAN devices in multiple versions an exploitable format string vulnerability exists in the iwconsole coniowritestr functionality. A specially crafted time server entry can cause an overflow of the time server buffer, resulting in remote code execution. An attacker can se...
CVE-2021-33539
In Weidmueller Industrial WLAN devices in multiple versions an exploitable authentication bypass vulnerability exists in the hostname processing. A specially configured device hostname can cause the device to interpret selected remote traffic as local traffic, resulting in a bypass of web...
CVE-2021-33537
In Weidmueller Industrial WLAN devices in multiple versions an exploitable remote code execution vulnerability exists in the iwwebs configuration parsing functionality. A specially crafted user name entry can cause an overflow of an error message buffer, resulting in remote code execution. An...